Exam SY0-601 topic 1 question 252 discussion

This is the reason why the answer is 100% B : A. On Path Attack - sits in the middle of two stations changing data that comes across the path. - This is not the answer. B. DNS Poisining - Hacker reroutes traffic from legitimate site to fake version. This is what happened here. When user when to CompTIA.org, he went to fake version because legitimate DNS address/records/info for that site was changed at his site specifically. - This is the correct answer. C. Locator (URL) redirection - clicks on link and is redirected to malicious website. A URL was not clicked on in this question. A domain was typed in: Comptia.org. And also redirection was not described in this question. This is not the answer. D. Domain Higjacking - Website address is completely stolen by another party. The question clearly states that "users from a different office are not having this problem". If the users were having the problem, then this would mean that that the website was stolen. But because other users at other locations are not having the problem: This is not the answer. B. DNS Poisoning is the Only Correct Answer 100%

Only some client have this problem about web tarns to malicious site. So choose B.

A host was affected. ONLY one affected, not the entire network, so DNS poisoning is out. This is an example of Typosquatting aka URL redirection

The issue is isolated to one user.

I thought B at first, however, that would affect ALL users, which is not the case. "Users in a different office are not having this issue"

(B) DNS poisoning....Sends a fake response to a valid DNS request....

B. DNS Poisoning I don’t think it’s URL Redirection because this type of attack dupes a victim, usually of an email message, into clicking a URL that looks like the legit site but redirects them to a scam site. The question stated nothing about this.

Local DNS Cache is poisoned.

NOT DNS Poisoning - If that were the case, everyone would be impacted. DNS is not per user. I would go with Locator (URL) redirection

DNS server is not on local hosts, it is usually installed on the network, only this user is experiencing this malicious redirection, it doesn't matter how the URL was inserted, it's a local URL redirection not on the DNS server or else it would affect everyone on the network.

I am wondering Domain Hijacking is not even the answer for any of these questions.. lol

DNS (Domain Name System) poisoning, also known as DNS cache poisoning, is an attack in which an attacker maliciously alters the DNS cache of a domain name server. The objective is to redirect DNS queries for a legitimate domain to a malicious IP address, which could be controlled by the attacker. In this scenario, when the user enters "comptia.org" into the web browser, the DNS response is manipulated, and the user is directed to a malicious website hosted by the attacker instead of the legitimate comptia.org site. It's worth noting that users in a different office not having this issue indicates that the poisoning attack is likely targeting specific DNS servers or network segments.

Although the C option might seem like its the right option,....It is very wrong in this context because URL Redirection is a vulnerability which allows an attacker to force users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who then clicks the link and is unknowingly redirected to the malicious website.. Based on that explanation, the right answer is D What Is DNS Poisoning? DNS poisoning is a hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it's completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works

* Users in a different office are not having this issue. Plain and simple. If the DNS cache is poisoned, everyone would have the issue.

The answer would have been DNS Poisoning if all users are impacted, since one user is impacted the answer is C as Locator URL redirection is a technique which allows an attacker to force users application or web browser to an untrusted external site.

It’s not affecting other users so it’s C. Wouldn’t DNS poisoning affect other users ?

According to ChatGPT B. DNS poisoning DNS poisoning, also known as DNS spoofing or DNS cache poisoning, is a type of attack in which an attacker alters the mapping of a domain name to an IP address. In this case, the analyst observed that a user enters comptia.org into a web browser, but the website that appears is not the actual comptia.org site. Instead, it's a malicious site controlled by the attacker. This behavior indicates that the attacker has poisoned the DNS server, causing the server to return the wrong IP address for the domain name comptia.org. This attack is also known as DNS Cache Poisoning. An on-path attack is an attack that intercepts and alters network traffic in transit. Locator (URL) redirection is a technique used to redirect a web page request to a different web page. Domain hijacking is an attack in which an attacker gains unauthorized access to a domain name registrar account, allowing them to change the DNS records and take control of a domain name.